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CLAIMS 

What is claimed is: 

\^ A method for isolating a plurality of ports on a layer 2 switch, comprising: 

configuring each of said plurality of ports by a user on said layer 2 switch as a 
protected port or a non-protected port; 

matching a destination address on a data packet with a physical address on said 
layer 2 switch, said data packet received by an ingress port; 

generating a forwarding map for said data packet based upon said destination 
address on said data packet; and 

sending said data packet to said plurality of ports pursuant to said forwarding 

map. 

2. The method of claim 1 wherein said generating step further comprises sending 
said data packet to each of said non-protected ports if said destination address is not 
matched with said physical address and said ingress port is a protected port. 

3. The method of claim 1 wherein said generating step further comprises sending 
said data packet to all of said plurality of ports if said destination address is not matched 
with said physical address and said ingress port is a non-protected port. 

4. The method of claim 1 wherein said generating step further comprises allowing 
said data packet to be forwarded from one of said protected ports to each of said non- 
protected ports. 
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5. The method of claim 1 wherein said generating step further comprises allowing 
said data packet to be forwarded between each of said non-protected ports. 

6. The method of claim 1 wherein said generating step further comprises prohibiting 
said data packet to be forwarded between each of said protected ports. 

7. The method of claim 1 wherein said generating step further comprises allowing 
said data packet to be forwarded between one of said non-protected ports to each of said 
protected ports. 

^. A program storage device readable by a machine, tangibly embodying a program 
of instructions executable by the machine to perform a method for isolating a plurality of 
ports on a layer 2 switch, said method comprising: 

configuring each of said plurality of ports by a user on said layer 2 switch as a 
protected port or a non-protected port; 

matching a destination address on a data packet with a physical address on said 
layer 2 switch, said data packet received by an ingress port; 

generating a forwarding map for said data packet based upon said destination 
address on said data packet; and 

sending said data packet to said plurality of ports pursuant to said forwarding 

map. 
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^ An apparatus for isolating a plurality of ports on a layer 2 switch, comprising: 

a port configurer to configure said plurality of ports as a protected port or a non- 
protected port; 

an address table memory storing an address table, said address table having a 
destination address and port number pair; 

a forwarding map generator generating a forwarding map; and 
said forwarding map responsive to a destination address of a data packet so that 
the data packet is forwarded either to a port number paired with the destination address in 
said forwarding table, or if not so paired, said data packet is forwarded to each of said 
non-protected ports on said switch if an ingress port is protected or if said ingress port is 
non-protected, said data packet is forwarded to all of said plurality of ports. 

10. The apparatus of claim 9 wherein said incoming packet is forwarded from one of 
said non-protected ports to other non-protected ports. 

11. The apparatus of claim 9 wherein said data packet is forwarded from one of said 
protected ports to each of said non-protected ports. 

12. The apparatus of claim 9 wherein said data packet is forwarded from one of said 
non-protected ports to each of said protected ports. 
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s An apparatus for isolating a plurality of ports on a layer 2 switch, comprising: 

means to configure each of said plurality of ports on said layer 2 switch as a 
protected or non-protected port; 

means to match a destination address on a data packet with a physical address on 
said layer 2 switch, said data packet received on an ingress port; 

means to generate a forwarding map for said data packet based upon said 
destination address on said data packet; and 

means to send said data packet to said plurality of ports pursuant to said 
forwarding map. 

14. The apparatus of claim 13 wherein said means to generate a forwarding map 
further comprises a means to forward said data packet to each of said non-protected ports 
if said destination address is not matched with said physical address and said ingress port 
is a protected port. 

15. The apparatus of claim 13 wherein said means to generate a forwarding map 
further comprises a means to forward said data packet to all of said plurality of ports if 
said destination address is not matched with said physical address and said ingress port is 
a non-protected port. 

16. The apparatus of claim 13 wherein said means to generate a forwarding map 
further comprises a means to allow said data packet to be forwarded from one of said 
protected ports to each of said non-protected ports. 
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17. The apparatus of claim 13 wherein said means to generate a forwarding map 
further comprises means to allow said data packet to be forwarded between each of said 
non-protected ports. 

18. The apparatus of claim 13 wherein said means to generate a forwarding map 
further comprises prohibiting said data packet to be forwarded between each of said . 
protected ports. 

19. The apparatus of claim 13 wherein said means to generate a forwarding map 
further comprises allowing said data packet to be forwarded between one of said non- 
protected ports to each of said protected ports. 

20. A method for isolating a plurality of ports on a layer 2 switch, comprising: 
maintaining a state for each of said plurality of ports on said layer 2 switch as a 

protected port or a non-protected port; 

matching a destination address on a data packet with a physical address on said 
layer 2 switch, said data packet received by an ingress port; 

generating a forwarding map for said data packet based upon said destination 
address on said data packet; and 

sending said data packet to said plurality of ports pursuant to said forwarding 

map. 
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21. The method of claim 20 wherein said generating step further comprises sending 
said data packet to each of said non-protected ports if said destination address is not 
matched with said physical address and said ingress port is a protected port. 

22. The method of claim 20 wherein said generating step further comprises sending 
said data packet to all of said plurality of ports if said destination address is not matched 
with said physical address and said ingress port is a non-protected port. 

23. The method of claim 20 wherein said generating step further comprises allowing 
said data packet to be forwarded from one of said protected ports to each of said non- 
protected ports. 

24. The method of claim 20 wherein said generating step further comprises allowing 
said data packet to be forwarded between each of said non-protected ports. 

25. The method of claim 20 wherein said generating step further comprises 
prohibiting said data packet to be forwarded between each of said protected ports. 

26. The method of claim 20 wherein said generating step further comprises allowing 
said data packet to be forwarded between one of said non-protected ports to each of said 
protected ports. 
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A program storage device readable by a machine, tangibly embodying a program 
of instructions executable by the machine to perform a method for isolating a plurality of 
ports on a layer 2 switch, said method comprising: 

maintaining a state for each of said plurality of ports on said layer 2 switch as a 
protected port or a non-protected port; 

matching a destination address on a data packet with a physical address on said 
layer 2 switch, said data packet received by an ingress port; 

generating a forwarding map for said data packet based upon said destination 
address on said data packet; and 

sending said data packet to said plurality of ports pursuant to said forwarding 

map. 
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